Uploaded image for project: 'jUDDI (Retired)'
  1. jUDDI (Retired)
  2. JUDDI-1003

spring-web jar supplied with latest JUDDI distribution has security vulnerability

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.3.6, 3.3.7
    • 3.3.8
    • juddi-tomcat
    • None

    Description

      The jar for spring-web (JUDDI 3.3.7 comes with spring-web-3.2.18.RELEASE) which is provided in distribution has following Security Vulnerability.

       

      The org.springframework:spring-web package is vulnerable to deserialization of untrusted data leading to Remote Code Execution (RCE).

      The readRemoteInvocation method in HttpInvokerServiceExporter.class does not properly verify or restrict untrusted objects prior to deserializing them. An attacker can exploit this vulnerability by sending malicious requests containing crafted objects, which when deserialized, execute arbitrary code on the vulnerable system.

       

      The spring-core and spring-web modules of Spring Framework are vulnerable to a multipart content pollution vulnerability. The generateMultipartBoundary() method in the MimeTypeUtils class uses a predictable method of generating random values to use as boundary values for multipart requests to other servers. This means that an attacker may be able to predict the boundary values and inject them into requests at unexpected locations, causing the recipient server to incorrectly interpret the multipart request. This will result in unexpected behavior depending on the requests being processed, including privilege escalation if authorization data is sent in the multipart request.

      Note:

      In order for the attacker to succeed, they would have to be able to guess the multipart boundary value chosen by server A for the multipart request to server B, which requires the attacker to also have control of the server or the ability to see the HTTP log of server A through a separate attack vector.

       

      Spring Framework is vulnerable to Cross-Site Tracing (XST) attacks. The HiddenHttpMethodFilter class lets an attacker change the HTTP request method to TRACE. An attacker can exploit this behavior with an Cross-Site Scripting (XSS) attack by sending a TRACE request and recovering information that would not normally be accessible, such as Cookies with the HTTPOnly flag.

       

      Please check and provide fix for this.

      Attachments

        Activity

          People

            spyhunter99 Alex O'Ree
            amol_bhonsle@bmc.com Amol Bhonsle
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: